CERT VU:215259
History: Sep 18, 2001 - 12:00 a.m.

Microsoft Windows 2000 Telnet Service contains handle leak

2001-09-18 00:00:00
www.kb.cert.org

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.004 Low
Percentile: 74.5%

Overview

The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers.

Description

The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server from releasing handles when telnet sessions are terminated in a specific manner. If a sufficiently large number of session requests are established and then terminated in this manner, it is possible to consume all available handle resources, resulting in a denial-of-service attack against all services offered by the victim server.
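
A defender can spot the behaviour described above by comparing the service's open-handle count at idle before and after sessions have closed. The following is an added example, not code from CERT/CC or Microsoft; the sample fields, the handle budget and the threshold are assumptions, and the data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    active: int        # telnet sessions connected when the sample was taken
    closed_total: int  # sessions terminated since monitoring began
    handles: int       # open handles held by the service process

def idle_leak_rate(samples):
    """Handles retained per terminated session, measured between idle samples.

    A service that releases handles returns to about the same idle count no
    matter how many sessions have closed; a leaking one climbs with each close.
    Returns None if there are fewer than two idle samples or nothing closed.
    """
    idle = [s for s in samples if s.active == 0]
    if len(idle) < 2:
        return None
    closed = idle[-1].closed_total - idle[0].closed_total
    if closed <= 0:
        return None
    return (idle[-1].handles - idle[0].handles) / closed

def assess(samples, handle_budget, min_rate=1.0):
    """Flag a leak and estimate how many more closes reach handle_budget.

    handle_budget and min_rate are assumed tuning values, not from the advisory.
    """
    rate = idle_leak_rate(samples)
    if rate is None or rate < min_rate:
        return {"leaking": False, "rate": rate, "sessions_to_budget": None}
    last_idle = [s for s in samples if s.active == 0][-1]
    remaining = max(handle_budget - last_idle.handles, 0)
    return {"leaking": True, "rate": rate,
            "sessions_to_budget": int(remaining // rate)}

# Constructed samples (active, closed_total, handles); not real measurements.
HEALTHY = [Sample(0, 0, 210), Sample(3, 0, 246), Sample(0, 3, 212),
           Sample(5, 3, 270), Sample(0, 8, 209)]
LEAKING = [Sample(0, 0, 210), Sample(4, 0, 258), Sample(0, 4, 234),
           Sample(6, 4, 306), Sample(0, 10, 270)]

if __name__ == "__main__":
    print(assess(HEALTHY, handle_budget=10000))
    print(assess(LEAKING, handle_budget=10000))
```

Comparing only idle samples keeps handles that belong to live sessions from being counted as leaked.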


Impact

This vulnerability allows a remote attacker to disrupt or crash affected Windows 2000 servers, resulting in a denial-of-service condition.


Solution

Apply a patch from your vendor

Microsoft has released a patch for this vulnerability; for further information, please consult the systems affected section below.


Disable telnet service

Sites that do not require the Windows 2000 Telnet Service may disable it to prevent exploitation of this vulnerability.


Vendor Information

Microsoft: Affected

Updated: September 14, 2001

Status

Affected

Vendor Statement

Microsoft has addressed this vulnerability in the following Microsoft Security Bulletin:

http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has archived Microsoft’s announcement of MS01-031 at

Acknowledgements

This document was written by Jeffrey P. Lanza and is based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2001-0346
Severity Metric: 11.81
Date Public:
